RBAC (Role-Based Access Control) role-based access control.

1. Basic idea: Introduce the concept of roles between users and access permissions, connect users and roles, and control user access to system resources through authorization of roles. Compared with traditional access control, the introduction of roles greatly simplifies the management of permissions. (Recommended learning: yii framework )

1). Role: It can be understood as a collection of permissions and permissions. For example: in a forum system, "super administrator" and "moderator" are roles.

2).Permissions: Moderators can manage posts in the forum, users in the forum, etc. These are permissions.

Implementation of rbac in Yii2

1.Yii2 implements a general layered RBAC, and the model it follows is also the NIST RBAC model.

2. The concept of rule is added in yii2. What is rule?

For example: For the article system, we have administrators and ordinary users, which allow administrators to perform any operations on articles, but only ordinary users are allowed to create articles and modify articles they create, that is to say Ordinary users have the permission to modify articles, but the restriction of Extra is that they can only modify their own articles. This verification of Extra is what the rules are responsible for.

3. The permission management implementation of yii2 supports two carriers: file and db. The core of the db-based implementation is four tables:

1) Storage roles or permissions Table: auth_item (type: 1 represents role; 2 represents permission)

CREATE TABLE `auth_item` (
`name` varchar(64) NOT NULL,
`type` int(11) NOT NULL,
`description` text,
`rule_name` varchar(64) DEFAULT NULL,
`data` text,
`created_at` int(11) DEFAULT NULL,
`updated_at` int(11) DEFAULT NULL,
PRIMARY KEY (`name`),
KEY `rule_name` (`rule_name`),
KEY `type` (`type`),
CONSTRAINT `auth_item_ibfk_1` FOREIGN KEY (`rule_name`) REFERENCES `auth_rule` (`name`) ON DELETE SET NULL ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8

2) The superior and subordinate association table of permissions and roles: auth_item_child

(includes the relationship: Roles can contain roles, roles can contain permissions, and permissions can contain permissions, but permissions cannot contain roles)

CREATE TABLE `auth_item_child` (
`parent` varchar(64) NOT NULL,
`child` varchar(64) NOT NULL,
PRIMARY KEY (`parent`,`child`),
KEY `child` (`child`),
CONSTRAINT `auth_item_child_ibfk_1` FOREIGN KEY (`parent`) REFERENCES `auth_item` (`name`) ON DELETE CASCADE ON UPDATE CASCADE,
CONSTRAINT `auth_item_child_ibfk_2` FOREIGN KEY (`child`) REFERENCES `auth_item` (`name`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8

3) Assignment table of users and permissions (roles): auth_assignment

CREATE TABLE `auth_assignment` (
`item_name` varchar(64) NOT NULL,
`user_id` varchar(64) NOT NULL,
`created_at` int(11) DEFAULT NULL,
PRIMARY KEY (`item_name`,`user_id`),
CONSTRAINT `auth_assignment_ibfk_1` FOREIGN KEY (`item_name`) REFERENCES `auth_item` (`name`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8

4) Rule table: auth_rule

CREATE TABLE `auth_rule` (  
  `name` varchar(64) NOT NULL,  
  `data` text,  //存的是一個(gè)序列化的實(shí)現(xiàn)了yii\rbac\Rule接口的類的一個(gè)對(duì)象實(shí)例
  `created_at` int(11) DEFAULT NULL,  
  `updated_at` int(11) DEFAULT NULL,  
  PRIMARY KEY (`name`),  
  KEY `name` (`name`),  
  KEY `created_at` (`created_at`),  
  KEY `updated_at` (`updated_at`)  
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='權(quán)限規(guī)則表';

The above is the detailed content of How to implement rbac in yii2. For more information, please follow other related articles on the PHP Chinese website!